• |

May 14, 2025

DOJ Guidance on Bulk Sensitive Data Rules: Compliance Program, Recordkeeping and Reporting

  • Vincent Pitaro
    Cybersecurity Law Report
To assist companies in complying with its final rules implementing the executive order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern, the DOJ recently released three new guidance documents. The final rules, which the National Security Division of the DOJ refers to as the Data Security Program (DSP), took effect in substantial part on April 8, 2025. With commentary from Edward McNicholas, a partner at Ropes & Gray, this two-part article series highlights the key elements of the guidance. This second installment distills guidance on DSP requirements around the data compliance program, recordkeeping, reporting, licenses and advisory opinions. Part one covered the enforcement grace period, definitions of bulk data and covered persons, and prohibited transactions. See “Examining DOJ’s Final Rules on Access to Government and Sensitive U.S. Personal Data” (Jan. 29, 2025).

To read the full article

Continue reading your article with a CSLR subscription.

Most-Read Articles

Women to Watch: Contributions, Achievements and Observations of Outstanding Female Professionals

To mark International Women’s Day, women editors and reporters at ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Law Report Group editors Jill Abitbol, Robin L. Barton and Megan Zwiebel profile notable women in data privacy, cybersecurity, private funds and anti-corruption law, including Anne-Gabrielle Haie, Jessica Lee, Micaela McMurrough, Laura Perkins, Amanda Raad, Madelyn Calabrese, Ranah Esmaili and Genna Garver. Enjoy reading their inspiring remarks here.

Celebrating Data Privacy Day 2025

Read the full brief here.

Cybersecurity Awareness Month

Read the full brief here.